PhishNotify for Gmail

#1

Introduction

Infosec IQ PhishNotify is an add-on for Gmail that will allow learners to report both PhishSim emails as well as any email they believe to be suspicious. Since this is an add-on for Gmail, learners can report emails from whichever browser they use to access Gmail.

Note: The iPadOS Gmail app does not currently support add-ons.

Deployment

Note: If you previously deployed the PhishNotify Chrome Extension and need to remove it, please see Uninstalling the PhishNotify Chrome Extension.

To proceed with the deployment you will need admin access to your Google Workspace account. There are two versions of PhishNotify available for the different instances of Infosec IQ.

If you log into IQ using the domain securityiq.infosecinstitute.com you are in the North American instance of IQ, and if your domain is securityiq-eu.infosecinstitute.com then you’re in the EU instance.

  1. While logged in as a Google Workspace admin, click the link above that corresponds to your Infosec IQ instance.
  2. Click the Admin Install button. You’ll get a popup to confirm the admin install; click Continue to proceed.
  3. The next step will show the permissions required and allow PhishNotify to be deployed to everyone or specific groups. You may wish to install to a smaller pilot group initially.
  4. Click Finish after selecting the users or groups. It can take up to 24 hours before users start to see PhishNotify show up in Gmail.

Once PhishNotify has been deployed you can accept some permissions on behalf of your organization. Google will still require that every user accept permissions as well. Here are the admin steps.

Note: The PhishNotify Gmail add-on is considered “unverified” by Google due to the permissions required to move messages to another location after being reported.

  1. In the Google Workspace admin console, go to Admin > Apps > Google Workspace Marketplace Apps > Apps List.
  2. Click on either PhishNotify+ or PhishNotify+ EU depending on which version was installed above.
  3. Under Data Access, click Grant Access.

Once these steps are completed, users will only the need to accept the following prompt the very first time they use PhishNotify.

PhishNotify_Agreement
PhishNotify_Agreement.png294×796 24.9 KB

Reporting Emails

Once PhishNotify+ has been deployed, the add-on will be available to learners in both the Gmail browser interface and in the Gmail mobile app.

Note: The very first time a learner submits an email they will need to accept the PhishNotify permissions. This will only need to be done once. See the Deployment section above for more information.

  1. PhishNotify for Gmail will show up in browsers on the Gmail side panel in the section below the default Google buttons.
    KB_Screenshot_1
    If the side panel is not visible, users will need to click the arrow in the lower-right corner of the page to expand it. The state of the side panel is saved between logins, so users will only need to expand it once unless it is manually collapsed.
    KB_Screenshot_3
  2. After clicking the PhishNotify button, learners will need to click the “Report Email” button to confirm the submission.
    KB_Screenshot_2
  3. Once the message is submitted, the learner will see the appropriate message for either a PhishSim or Non-PhishSim email per the configuration under PhishSim > PhishNotify > Edit Messages & Behavior.
    KB_Screenshot_4

The experience is similar on the mobile Gmail app, where PhishNotify will show up as an available add-on:

MobileGmail
MobileGmail.png375×641 54.1 KB

License Key

Note: Entering a license key is not required, and will not be necessary for a typical Infosec IQ learner.

PhishNotify for Gmail can only submit emails to a single Infosec IQ account. If a learner needs to be in multiple Infosec IQ accounts, the license key from their preferred account can be entered to route all emails into that account. These steps only need to be completed by individual learners that are known to be in multiple Infosec IQ accounts.

To enter a license key:

  1. Without selecting any email, click on the PhishNotify button.
  2. Click Optional Configurations, then SET YOUR LICENSE KEY.
    Notify_Optional_Configs
    Notify_Optional_Configs.png318×755 14.4 KB
  3. Enter the license key found in the Infosec IQ admin portal under PhishNotify & PhishHunter > PhishNotify Setup.
    2023-11-21%2015_30_44-Infosec%20IQ_%20Initech%20PhishNotify%20%E2%80%94%20Mozilla%20Firefox
    2023-11-21 15_30_44-Infosec IQ_ Initech PhishNotify — Mozilla Firefox.png1429×593 44.5 KB

Troubleshooting

PhishNotify may return one of the following messages when a learner attempts to submit an email.

Message Explanation
To use PhishNotify to report your suspicious emails, please sign up for an Infosec IQ account The learner is not in any Infosec IQ account. Add the user as a learner if they are not already in your account. If the learner is already in your account, then verify that the correct version of PhishNotify was deployed.
Your account does not support a submission of this message type. Please contact your admin for more information. This should only be displayed if a learner is attempting to submit an email to a free account. If this is not the case, verify that the correct version of PhishNotify was deployed. If problems continue, please open a support ticket to troubleshoot further.
There was an error submitting this email to your account. Please contact your admin for more information. The learner is present in more than one IQ account. The learner can either enter a license key per the steps above, or they can be deleted from any IQ accounts where they’re not needed.
Unauthorized License Key. Please verify the license key and that your email is a learner in your IQ account. The learner supplied a license key that doesn’t match the account they are in. Double-check the license key and verify that the correct version of PhishNotify was deployed.